Requirements of this Act apply to online advertisement companies that use the Internet to provide online advertisement services within the Republic of China (R.O.C.) and have a certain scale.
The calculation standards for a certain scale in the preceding paragraph shall be established by the competent authority for industries related to the digital economy.
The competent authority for industries related to the digital economy shall announce the list of companies that comply with a certain scale based on the calculation standards stated in the preceding paragraph and regularly examine it and make timely adjustments.

Online advertisement platform operators shall publicly disclose the following information through appropriate methods:
1. Name or title of the company, representative, and legal representative mentioned in paragraph 1 of Article 29.
2. Address, telephone, e-mail, and other fast and direct communication and contact methods of the office or business venue.
3.Other information that shall be publicly disclosed by law.

If online advertisement platform operators and their representatives do not have a business venue or residence in the R.O.C. and have not established branches, the online advertisement platform operators shall designate a Taiwanese national, legally registered corporation, or a non-corporation group with a representative or manager in the R.O.C. as their legal representative in writing and report the name, title, domicile, office or business venue, telephone, and e-mail of the legal representative to the competent authority for industries related to the digital economy.
If licenses are required for business activities, operations, or investment of online advertisement platform operators in the preceding paragraph according to other laws, such licenses shall be obtained before reporting the legal representative.
Online advertisement platform operators shall grant necessary permission and resources to the legal representative mentioned in paragraph 1 to implement the following matters:
1. Act as the recipient designated by the online advertisement platform company.
2. Inform and assist the online advertisement platform company in complying with legal requirements for fraud prevention measures.
3.Other compliance tasks related to this Act and its relevant laws and regulations, as commissioned by the online advertisement platform company.
If any of the following circumstances occur to online advertisement platform operators, the competent authority for industries related to the digital economy may announce their names through appropriate methods:
1. Failure to designate and report the legal representative according to paragraph 1.
2. The legal representative neglects their duty to inform and assist as specified in subparagraph 2 of the preceding paragraph.
For online advertisement platform operators that fail to designate and report the legal representative according to paragraph 1, the competent authority for industries related to the digital economy shall notify them to rectify the situation within a prescribed period.

Advertisements published or broadcast on online advertisement platforms may not include content involving fraud.
Online advertisement platform operators shall establish the following management measures:
1. For online advertising services, the identity of persons commissioning the publishing and broadcasting and the capital contributor shall be verified through digital signature, rapid authentication system, or other technologies or methods with equivalent safety.
2. Carry out analysis and assessment for the risk of online advertising services being used for fraud crimes to establish a legal, necessary, and effective fraud prevention plan for fraud prevention, detection, identification, and response and publish a fraud prevention transparency report annually.
The fraud prevention plan outlined in subparagraph 2 of the preceding paragraph should establish a risk management system for fraud prevention based on the patterns of suspected advertisements published by the competent authority for industries related to the digital economy, the target business competent authorities, or industry associations and adopt necessary reinforced management measures for high-risk business relationships.
The applicable technologies or methods in subparagraph 1 of paragraph 2 and the format and content of the fraud prevention plan and the transparency report in subparagraph 2 shall be announced by the competent authority for industries related to the digital economy.

When publishing or broadcast ing advertisements on the platforms, online advertisement platform operators shall disclose the following information in the advertisements:
1. A label indicating it as an advertisement.
2. Information related to personnel commissioning the publishing and broadcasting and investors.
3.The license number of the advertisement that are legally required to have one.
4. Whether the advertisement uses deep fake technologies or AI-generated individual images.
If the online advertisement platform company has verified the identity of personnel commissioning the publishing and broadcasting and the investors according to subparagraph 1, paragraph 2 of the preceding article and if neither are categorized as high-risk business relationships stated in paragraph 3 of the preceding article, the information to be disclosed for the advertisement in the preceding paragraph may be simplified.
The personnel commissioning the publishing and broadcasting specified in subparagraph 2 of paragraph 1 refer to corporations, non-corporation groups, or individuals who engage in or commission others for the design, production, and publication of advertisements to promote products or provide services.
The deep fake technologies specified in subparagraph 4 of paragraph 1 referred to the technical exhibiting forms through computerized or other technological means, leading others to be misled into believing it is genuine..
The regulations for information disclosure standards, simplification methods, operating procedures, and other relevant matters stated in paragraphs 1 and 2 shall be established by the competent authority for industries related to the digital economy.

Online advertisement platform operators who are aware that the advertisements they publish or broadcast are fraudulent or significantly involve fraud shall act according to the following provisions:
1. Actively remove, restrict browsing, stop broadcasting such advertisements or adopt other necessary actions within the period notified by the judiciary police department, the competent authority for industries related to the digital economy, or the target business competent authorities and provide the information of the personnel commissioning the publishing and broadcasting, the investors, the network communication software accounts and telecom number in the advertisements that are suspected of involving fraud, and other relevant information to the judiciary police department.
2. For users who publish and broadcast fraudulent advertisements or those significantly involving fraud or users notified by the judiciary police department as accounts significantly involving fraud, the platform operator shall suspend the service provision for a reasonable period.
Online advertisement platform operators who violate the requirements in the preceding paragraph shall bear joint responsibility for damage compensation together with personnel commissioning the publishing and broadcasting of the advertisements and the investors for any harm caused to individuals who were misled by the content of the advertisements.
Online advertisement platform operators shall adhere to the principles of objectiveness, dedication, and timeliness when determining suspensions of services according to subparagraph 2 of paragraph 1.
The notification period stated in subparagraph 1 of paragraph 1 shall be announced by the competent authority for industries related to the digital economy.

When target business competent authorities or judiciary police department notify online advertisement platform operators that the content published or broadcast on their platforms is suspected of being related to fraud, the operators shall take the initiative to restrict access and browsing or remove the relevant content.

Third-party payment service providers shall exercise the obligations of care as a good administrator. For customers suspected of involving in fraud crimes, the providers shall enhance identity verification processes and may implement measures such as ongoing identity reviews, postponed appropriation, refusal to establish business relationships, or providing services.
When third-party payment service providers implement the operations in the latter part of the preceding paragraph, they may use the joint defense system to notify industry peers.
The standards for identifying customers suspected of involvement in fraud, notification procedures, and items, operational processes, and other matters shall be established by the competent authority for industries related to the digital economy.

When third-party payment service providers act according to the latter part of paragraph 1 of the preceding article, they shall keep the data obtained from identity verification procedures and transaction records and may report to the judiciary police department. After the judiciary police department receives the report, it shall notify the third-party payment service providers within a reasonable timeframe to carry out the subsequent control or cancel the control over the postponed appropriation mentioned in the latter part of paragraph 1 of the preceding article.
The data and transaction records in the preceding paragraph shall be kept for at least five years from the termination of business relationships. However, if other laws stipulate longer retention periods, those regulations shall prevail.
The competent authority for industries related to the digital economy shall coordinate the central competent authorities and competent legal affairs authority to establish the regulations regarding the scope of the preserved data and transaction records specified in paragraph 1, the methods for reporting to the judiciary police department, the subsequent control and control cancelation of postponed appropriation.

E-commerce companies and online gaming companies shall exercise the obligation of care as a good administrator to prevent their services from being used in fraud crimes and may adopt information used to promote fraud prevention to users and other reasonable measures.
When e-commerce companies and online gaming companies implement the reasonable measures in the preceding paragraph, they may use the joint defense system to notify peers to adopt reasonable measures such as informing users about fraud prevention.
When the judiciary police department or the target business competent authorities notify e-commerce companies and online gaming companies of the suspected involvement of fraud crime of their services, they shall cooperate with the judiciary police department or the target business competent authorities and suspend the service provision for user accounts that involve in fraud crimes for a reasonable period.

Online advertisement platform operators, e-commerce companies, and online gaming companies shall adopt feasible technologies to keep the digital evidence, documents, images, articles, user registration data and identity verification procedures, connection records, transaction records, or other relevant data that are sufficient for building users and individual transactions for a reasonable period. However, if other laws stipulate longer preservation periods, those provisions shall prevail.
Courts, prosecutor's offices, or the judiciary police department may request online advertisement platform operators, e-commerce companies, and online gaming companies to provide access to relevant data in the preceding paragraph. Such companies shall provide the data within three days from the day receiving the access notice and keep such data for six months to facilitate investigations by the judiciary police department. If litigation occurs, the data preservation period shall be extended to three months after the the final judgment.

Online advertisement platform operators, third-party payment service providers, telecom companies, and online gaming companies are exempted from their confidentiality obligations when implementing fraud prevention measures stated in this Act. The same shall apply to the responsible persons, directors, managers, and employees of the institutions or businesses.
Online advertisement platform operators, third-party payment service providers, telecom companies, and online gaming companies are exempted from the compensation responsibility when causing damages to customers or third parties due to the implementation of fraud prevention measures stated in this Act or arrangements made in cooperation with the judiciary police department and the target business competent authorities.

If any of the following circumstances occur to online advertisement platform operators, the competent authority for industries related to the digital economy may impose a fine of more than NT$0.5 million but less than NT$10 million and order them to make corrections within a prescribed period; those who fail to make corrections within the prescribed period, penalties shall be imposed per violation:
1. Failure to designate and report the legal representative in violation of paragraph 1 of Article 29 and failure to rectify after being notified of supplementation within a prescribed period according to paragraph 5 of the same article.
2. The legal representative neglecting their informing or assisting obligations in violation of subparagraph 2, paragraph 3 of Article 29.
3.Failure to remove, restrict browsing, stop broadcasting such advertisements, or take other necessary actions within the timeframe as notified by the judiciary police department, the competent authority for industries related to the digital economy, or the target business competent authorities in violation of subparagraph 1, paragraph 1 of Article 32.
4. Failure to suspend the service provision within a reasonable timeframe as notified by the judiciary police department in violation of subparagraph 2, paragraph 1 of Article 32.
For serious violations as described in subparagraph 1 of the preceding paragraph, the competent authority for industries related to the digital economy may impose a fine of more than NT$2.5 million but less than NT$100 million and order them to make corrections within a prescribed period; those who fail to make correction within the prescribed period, penalties shall be imposed per violation. The competent authority for industries related to the digital economy may also convene expert advisory meetings to order Internet access service providers to suspend analysis or restrict access.
For serious violations in subparagraphs 2 to 4 of paragraph 1, the competent authority for industries related to the digital economy may impose a fine of more than NT$2.5 million but less than NT$100 million and order them to make corrections within a prescribed period; those who fail to make corrections within the prescribed period, penalties shall be imposed per violation. The competent authority for industries related to the digital economy may also convene expert advisory meetings to order Internet access service providers or fast access service providers to adopt appropriate traffic management measures. Continued non-compliance may lead to suspension of resolution or other necessary actions.
Regulations for the recognition standards of severe in the two preceding paragraphs, the adoption of appropriate flow management measures, the determination standards for analysis suspension and access restriction, the composition of expert review meetings, missions, and other compliance matters shall be established by the competent authority for industries related to the digital economy.
Internet access service providers or fast access service providers are exempted from the compensation responsibility for damages to users or third parties when adopting traffic management measures, analysis suspension, or access restriction according to paragraphs 2 and 3.

If any of the following circumstances occur, the competent authority for industries related to the digital economy may impose a fine of more than NT$0.2 million but less than NT$5 million and order them to make corrections within a prescribed period; those who fail to make corrections within the prescribed period, penalties shall be imposed per violation:
1. Failure to disclose information or disclosing insufficient information in violation of Article 28.
2. Failure to verify the identity of personnel commissioning the publishing and broadcasting or investors in violation of subparagraph 1, paragraph 2 of Article 30.
3.Failure to establish a prevention plan or failure to publish a fraud prevention transparency report in violation of subparagraph 2, paragraph 2 of Article 30.
4. Failure to disclose information during the publication or promotion of advertisements in violation of paragraph 1 of Article 31.
5. Failure to provide the information of personnel commissioning the publishing and broadcasting of such advertisements and investors, the network communication software accounts and telecom number in the advertisements that are suspected of involving fraud, and other relevant information to the judiciary police department in violation of subparagraph 1, paragraph 1 of Article 32
6. Failure to adopt appropriate traffic management measures, analysis suspension, or access restrictions, in violation of the order imposed by the competent authority for industries related to the digital economy according to paragraph 2 or paragraph 3 in the preceding article.
If any of the circumstances in subparagraphs in the preceding paragraph that occur are deemed serious, the competent authority for industries related to the digital economy may impose a fine of more than NT$1 million but less than NT$25 million and order them to make corrections within a prescribed period; those who fail to make corrections within the prescribed period, penalties shall be imposed per violation.

If any of the following circumstances occur, the competent authority for industries related to the digital economy may impose a fine of more than NT$0.1 million but less than NT$2 million and order them to make corrections within a prescribed period; those who fail to make corrections within the prescribed period, penalties shall be imposed per violation:
1. Failure to preserve data or transaction records in violation of paragraph 1 of Article 35.
2. Failure to preserve data or transaction records for the required period in violation of paragraph 2 of Article 35.
3.Failure to suspend the service provision for user accounts involved in fraud crimes during the reasonable period in violation of paragraph 3 of Article 36.
4. Failure to comply with the access requests for data in violation of paragraph 2 of Article 37.
If any of the circumstances in subparagraphs in the preceding paragraph are deemed serious, the competent authority for industries related to the digital economy may impose a fine of more than NT$0.5 million but less than NT$10 million and order them to make corrections within a prescribed period; those who fail to make corrections within the prescribed period, penalties shall be imposed by times.

To deal with fraud crime prevention emergencies and promptly prevent citizens from contacting fraudulent websites, the target business competent authorities and judiciary police department may order Internet access service providers to suspend analysis or restrict access when they consider it necessary.